{"containers":{"cna":{"affected":[{"platforms":["Mac"],"product":"WD Discovery","vendor":"Western Digital","versions":[{"lessThan":"4.4.396","status":"affected","version":"WD Discovery Desktop App","versionType":"custom"}]},{"platforms":["Windows"],"product":"WD Discovery","vendor":"Western Digital","versions":[{"lessThan":"4.4.396","status":"affected","version":"WD Discovery Desktop App","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-328","description":"CWE-328 Reversible One-Way Hash","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-09-19T19:43:53.000Z","orgId":"cb3b742e-5145-4748-b44b-5ffd45bf3b6a","shortName":"WDC PSIRT"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"}],"solutions":[{"lang":"en","value":"Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294&lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465]."}],"source":{"discovery":"EXTERNAL"},"title":"WD Discovery's Use of Weak Hashing Algorithm for Code Signing","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@wdc.com","ID":"CVE-2022-29835","STATE":"PUBLIC","TITLE":"WD Discovery's Use of Weak Hashing Algorithm for Code Signing"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"WD Discovery","version":{"version_data":[{"platform":"Mac","version_affected":"<","version_name":"WD Discovery Desktop App","version_value":"4.4.396"},{"platform":"Windows","version_affected":"<","version_name":"WD Discovery Desktop App","version_value":"4.4.396"}]}}]},"vendor_name":"Western Digital"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-328 Reversible One-Way Hash"}]}]},"references":{"reference_data":[{"name":"https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396","refsource":"MISC","url":"https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"}]},"solution":[{"lang":"en","value":"Users can download the latest version from the WD Discovery Downloads page [https://support.wdc.com/downloads.aspx?p=294&lang=en] or by following the instructions on the WD Discovery: Online User Guide [https://support-en.wd.com/app/answers/detailweb/a_id/20465]."}],"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T06:33:42.851Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.westerndigital.com/support/product-security/wdc-22014-wd-discovery-desktop-app-version-4-4-396"}]}]},"cveMetadata":{"assignerOrgId":"cb3b742e-5145-4748-b44b-5ffd45bf3b6a","assignerShortName":"WDC PSIRT","cveId":"CVE-2022-29835","datePublished":"2022-09-19T19:43:53.000Z","dateReserved":"2022-04-27T00:00:00.000Z","dateUpdated":"2024-08-03T06:33:42.851Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}